Any type of login or authentication procedure in an IT environment includes a process of verifying an authorized user. That is, the user may use the corresponding service by verifying the identity of any person to be allocated with specific authority.
For the identification, a method of using knowledge-based information that receives information which is considered to be known only to a party, such as an ID and a password, is generally used.
However, in the method of using the knowledge-based information such as an ID and a password, it is inconvenient for a user to always input an ID and a password for verification of the identity, and there is a disadvantage in that the user does not access the corresponding service when the user does not remember the ID and the password.
Further, recently, as various security treats increase, security accidents due to leakage and illegal stealing of the ID, the password, and the like frequently occur and various cyber crimes and property damages occur by the leakage of personal information online.
Accordingly, in order to prevent the damage of leakage and stealing of the ID, the password, and the like, in addition to the ID and the password, a method of using possession-based information to receive information about the possession of only the party such as a one-time password (OTP) and certificate, a method of using bio-based information to receive biological information of the party such as fingerprint, iris, voice and facial recognition, and the like have been used.
However, in the conventional methods using knowledge-based information, possession-based information, and bio-based information, the personal identification information is fixed and permanent. Therefore, it is inconvenient to update the identification information when the identification information is leaked and periodically update the identification information in order to maintain the security. In particular, when the bio-based information is used, since the identification information is information that can not be updated, there is a problem that it is very vulnerable to security due to information leakage. In addition, in the conventional methods, since essential personal information such as a date of birth, a resident registration number, and the like of the user is stored in a server, many social problems arise from theft of personal information upon personal information leakage by hacking and the like.
In addition, in the conventional methods, since the personal static attribute is reflected to the identification information, the identification information and association with the user who uses the identification information may be easily tracked on the Internet. Accordingly, there is a problem in that the methods are weak in terms of protection of personal information.
In addition, in the conventional methods, since the authorities to access personal information and services are controlled by art administrator and allows access to services according to the personal information stored in the account database of the service, there is a risk that unauthorized service can be used when the personal information is exposed to a third party.
In addition, when the personal identification information is provided to the third party to temporarily use the service, there is an inconvenience that the identification needs to be updated after the identification information of the user is exposed to the third party.